Merge branch 'safe-netrc' into 'master'

Remove old safe_netrc implementation in favour of third-party dependency

See merge request lscsoft/lvalert!21

.gitlab-ci.yml

@@ -76,6 +76,7 @@ build:el7:
     # install build-depends
     - mk-build-deps --tool "apt-get -y" --install --remove
     # build binary packages
+    - dch --local "-ci" -b "Rebuilt automatically on git.ligo.org CI"
     - dpkg-buildpackage -us -uc -b
     - popd
     # clean up tarball and build folder (to remove from artefacts)

bin/lvalert_admin

@@ -25,10 +25,9 @@ import getpass
 import uuid
 from optparse import *
 
-# pubsub import must come first because it overloads part of the
-# StanzaProcessor class
+from safe_netrc import netrc as safe_netrc
+
 from ligo.lvalert import pubsub
-from ligo.lvalert.utils import safe_netrc
 
 from pyxmpp.all import JID,Iq,Presence,Message,StreamError,TLSSettings
 from pyxmpp.jabber.all import Client

bin/lvalert_listen

@@ -29,10 +29,9 @@ import six.moves.configparser
 from subprocess import Popen, PIPE
 from optparse import *
 
-# pubsub import must come first because it overloads part of the
-# StanzaProcessor class
+from safe_netrc import netrc as safe_netrc
+
 from ligo.lvalert import pubsub
-from ligo.lvalert.utils import safe_netrc
 
 from pyxmpp.all import JID,Iq,Presence,Message,StreamError,TLSSettings
 from pyxmpp.jabber.all import Client

bin/lvalert_send

@@ -26,10 +26,9 @@ import getpass
 import uuid
 from optparse import OptionParser
 
-# pubsub import must come first because it overloads part of the
-# StanzaProcessor class
+from safe_netrc import netrc as safe_netrc
+
 from ligo.lvalert import pubsub
-from ligo.lvalert.utils import safe_netrc
 
 from pyxmpp.all import JID,TLSSettings
 from pyxmpp.jabber.all import Client

debian/control

@@ -9,6 +9,7 @@ Build-Depends:
   python-setuptools, python3-setuptools,
   python-six, python3-six,
   python-dnspython, python3-dnspython,
+  python-safe-netrc, python3-safe-netrc,
   python-sleekxmpp, python3-sleekxmpp,
   help2man,
 Standards-Version: 3.8.4
@@ -25,6 +26,7 @@ Depends:
   python-libxml2,
   python-ligo-common,
   python-pyasn1,
+  python-safe-netrc,
 Provides: ${python:Provides}
 Description: LIGO-Virgo Alert Network - Python
  The LIGO-Virgo Alert Network (LVAlert) is a prototype notification service
@@ -40,6 +42,7 @@ Depends:
   ${python3:Depends},
   python3-dnspython,
   python3-ligo-common,
+  python3-safe-netrc,
   python3-sleekxmpp,
 Provides: ${python3:Provides}
 Description: LIGO-Virgo Alert Network - Python

ligo-lvalert.spec

@@ -36,6 +36,7 @@ Provides: %{name}
 Obsoletes: %{name}
 Requires: python-six
 Requires: python2-ligo-common
+Requires: python2-safe-netrc
 Requires: pyxmpp
 Requires: python-sleekxmpp
 
@@ -51,6 +52,7 @@ tools for interacting with the LVAlert jabber server.
 %package -n python%{python3_pkgversion}-%{name}
 Summary:  %{summary}
 Requires: python%{python3_pkgversion}-ligo-common
+Requires: python%{python3_pkgversion}-safe-netrc
 Requires: python%{python3_pkgversion}-six
 Requires: python%{python3_pkgversion}-sleekxmpp
 

ligo/lvalert/__init__.py

@@ -28,7 +28,8 @@ import uuid
 import ssl
 
 import pkg_resources
-from ligo.lvalert.utils import safe_netrc as _netrc
+
+from safe_netrc import netrc as _netrc
 
 import sleekxmpp
 

ligo/lvalert/utils.py

@@ -16,7 +16,6 @@
 # You should have received a copy of the GNU General Public License
 # along with lvalert.  If not, see <http://www.gnu.org/licenses/>.
 
-from netrc import netrc, NetrcParseError
 import stat
 import sys
 import os
@@ -232,34 +231,3 @@ def submit_condor_job(subfile):
   p = Popen(["condor_submit "+subfile], shell=True).pid
   
   return p
-
-class safe_netrc(netrc):
-    """The netrc.netrc class from the Python standard library applies access
-    safety checks (requiring that the netrc file is readable only by the
-    current user, and not by group members or other users) only if using the
-    netrc file in the default location (~/.netrc). This subclass applies the
-    same access safety checks regardless of the path to the netrc file."""
-
-    def _parse(self, file, fp, *args, **kwargs):
-        # Copied and adapted from netrc.py from Python 2.7
-        if os.name == 'posix':
-            prop = os.fstat(fp.fileno())
-            if prop.st_uid != os.getuid():
-                try:
-                    fowner = pwd.getpwuid(prop.st_uid)[0]
-                except KeyError:
-                    fowner = 'uid %s' % prop.st_uid
-                try:
-                    user = pwd.getpwuid(os.getuid())[0]
-                except KeyError:
-                    user = 'uid %s' % os.getuid()
-                raise NetrcParseError(
-                    ("~/.netrc file owner (%s) does not match"
-                     " current user (%s)") % (fowner, user),
-                    file)
-            if (prop.st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
-                raise NetrcParseError(
-                   "~/.netrc access too permissive: access"
-                   " permissions must restrict access to only"
-                   " the owner", file)
-        return netrc._parse(self, file, fp, *args, **kwargs)

setup.cfg

@@ -39,6 +39,7 @@ install_requires =
     pyasn1>=0.1.8
     pyasn1-modules>=0.0.5
     ligo-common
+    safe-netrc
     sleekxmpp>=1.3.3
     numpy
     six

setup.py

@@ -39,7 +39,7 @@ setup(
 #  provides = ['ligo.lvalert'],
   packages = find_packages(),
 
-  install_requires = install_reqs.extend(['sleekxmpp', 'dnspython', 'numpy', 'six']),
+  install_requires = install_reqs.extend(['safe-netrc', 'sleekxmpp', 'dnspython', 'numpy', 'six']),
   #install_requires = ['sleekxmpp', 'dnspython', 'numpy', 'six','recommonmark', 'sphinx', 'sphinx-argparse'],
 
   scripts = [